During a deployment of Cisco ISE with Meraki, one of our clients asked for the PMK (Pairwise Master Key) to be refreshed every 5 minutes.
Create a new Authorization Profile in Cisco ISE (Policy – Policy Elements – Results – Authorization Profile) and configure its Reauthentication setting:
Reauthentication: To choose, select the check box and enter a value in seconds for maintaining connectivity during reauthentication. You can also choose attribute values from the Timer drop-down list. You choose to maintain connectivity during reauthentication by selecting to use either the default (a value of 0) or RADIUS-Request (a value of 1) from the drop-down list. Setting this to the RADIUS-Request value maintains connectivity during the reauthentication process.
Associate your new AuthZ profile with the 802.1X policy. Done!
How to test?
- Check your Live Logs panel (Operations – RADIUS – Live Logs). You should see an authorization roughly every 45 seconds.
- Capture traffic at your Meraki AP.
Use the filter expression “port 1812 or port 1813 or port 3799” to capture only RADIUS traffic.
The result of our packet capture: a RADIUS Access-Request every 45 seconds.
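To confirm from the same capture which timer and action the AP was actually handed, the added example below (not part of the original post and not Cisco or Meraki code) parses a RADIUS Access-Accept payload and reads the two RFC 2865 attributes involved. It assumes ISE conveys the Reauthentication timer as Session-Timeout (type 27) and the default/RADIUS-Request choice as Termination-Action (type 29); the function names and the sample packet are constructed for illustration.

```python
import struct

# Codes and attribute types from RFC 2865.
ACCESS_ACCEPT = 2
SESSION_TIMEOUT, TERMINATION_ACTION = 27, 29
ACTIONS = {0: "Default", 1: "RADIUS-Request"}

def parse_radius(payload: bytes):
    """Return (code, {attr_type: [raw value, ...]}) for one RADIUS UDP payload."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("length field does not match the payload")
    attrs, pos = {}, 20                      # attributes follow the authenticator
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = payload[pos], payload[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        attrs.setdefault(atype, []).append(payload[pos + 2:pos + alen])
        pos += alen
    return code, attrs

def reauth_settings(payload: bytes):
    """Reauthentication timer and action carried by an Access-Accept, else None."""
    code, attrs = parse_radius(payload)
    if code != ACCESS_ACCEPT:
        return None
    def u32(atype):
        vals = attrs.get(atype)
        return struct.unpack("!I", vals[0])[0] if vals and len(vals[0]) == 4 else None
    action = u32(TERMINATION_ACTION)
    return {"session_timeout": u32(SESSION_TIMEOUT),
            "termination_action": ACTIONS.get(action, action)}

def build_accept(timeout: int, action: int) -> bytes:
    """Constructed sample Access-Accept (zeroed authenticator, two attributes)."""
    attrs = struct.pack("!BBI", SESSION_TIMEOUT, 6, timeout)
    attrs += struct.pack("!BBI", TERMINATION_ACTION, 6, action)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    # 300 s is the 5-minute interval requested in the post; 1 = RADIUS-Request.
    print(reauth_settings(build_accept(300, 1)))
```

Feed `reauth_settings` the UDP payload of an Access-Accept exported from the capture; a `termination_action` of `Default` or a missing `session_timeout` means the profile is not driving periodic reauthentication.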